Azure Engineer

Azure Engineer (AKS and NGINX exp) at Dallas, TX

Contract

Job Description

Must Have Technical/Functional Skills

• Define the target reference architecture for greenfield AKS clusters along with engineering team and ensure how bluefield cluster remain undisruptive: control plane choices, private clusters, node pool strategy, upgrade/runway, and regional topology.

• Lead design for NGINX → Azure Managed Gateway API: HTTPRoute/Gateway modeling, TLS/WAF strategy, policy attachments, and weighted/canary traffic for cutover.

• Architect kubenet → Azure CNI (Cilium) migration with new clusters with Engineering team: IP planning, subnet sizing, pod density, surge capacity, cordon/drain and service-by-service move plan.

• Choose/validate dataplane features: Cilium network policy, kube‑proxy replacement (if enabled), Hubble visibility, and implications on performance/SNAT.

• Standardize identity/secrets: Azure - Key Vault CSI; cert lifecycle (Key Vault and/or Gateway API).

• Establish platform guardrails: Azure Policy, RBAC least‑privilege, multi‑tenancy boundaries (namespace/project isolation).

• Define/Follow the GitHub standards: reusable workflows, CODEOWNERS, branch protections, environment approvals, and artifact provenance/signing.

• Own non‑functional requirements: SLOs, HA/DR, capacity modeling, performance budgets, and failover patterns for ingress and data plane.

• Govern delivery: roadmap, cutover criteria, readiness gates; mentor Platform/DevOps on architectural compliance.

• Own the target platform architecture and cutover from NGINX → Azure Managed Gateway API and kubenet → Azure CNI (Cilium) using new clusters/existing cluster. Closely work with Engineering and operation team.

Roles & Responsibilities

• Required experience- AKS/Platform, strong Gateway API (prod ops), NGINX → Azure Managed Gateway API migrations, and deep Azure CNI/Cilium networking (IP planning, subnetting, pod density)

• Define the target reference architecture for greenfield AKS clusters along with engineering team and ensure how bluefield cluster remain undisruptive: control plane choices, private clusters, node pool strategy, upgrade/runway, and regional topology.

• Lead design for NGINX → Azure Managed Gateway API: HTTPRoute/Gateway modeling, TLS/WAF strategy, policy attachments, and weighted/canary traffic for cutover.

• Architect kubenet → Azure CNI (Cilium) migration with new clusters with Engineering team: IP planning, subnet sizing, pod density, surge capacity, cordon/drain and service-by-service move plan.

• Choose/validate dataplane features: Cilium network policy, kube‑proxy replacement (if enabled), Hubble visibility, and implications on performance/SNAT.

• Standardize identity/secrets: Azure - Key Vault CSI; cert lifecycle (Key Vault and/or Gateway API).

• Establish platform guardrails: Azure Policy, RBAC least‑privilege, multi‑tenancy boundaries (namespace/project isolation).

• Define/Follow the GitHub standards: reusable workflows, CODEOWNERS, branch protections, environment approvals, and artifact provenance/signing.

• Own non‑functional requirements: SLOs, HA/DR, capacity modeling, performance budgets, and failover patterns for ingress and data plane.

• Govern delivery: roadmap, cutover criteria, readiness gates; mentor Platform/DevOps on architectural compliance..